The Cyber Program held two inaugural events in early May to further its research efforts and foster dialogue amongst diverse stakeholders about key cyber security issues. Both events were organized in partnership with the EU Cyber Diplomacy Initiative (EU Cyber Direct).
An interactive roundtable on May 3 brought together representatives of the diplomatic community, industry, academia, and other stakeholders for an exploratory discussion about the diverse and sometimes “outside the box” efforts to foster accountability and transparency in cyberspace. Stimson Cyber Program Lead Allison Pytlak described Stimson’s new Cyber Accountability project and welcomed Valerie M. Cofield, Chief Strategy Officer at the Cybersecurity and Infrastructure Security Agency (CISA), and Michael Daniel, President and CEO of Cyber Threat Alliance. Both described relevant activities and efforts such as the Cybercrime Atlas initiative, policies that promote transparency and improve information sharing – but also underscored the challenges they and others face. Representatives of the UN Institute for Disarmament Research (UNIDIR) and MITRE also outlined research and policies they are undertaking that could bolster accountability.
A major takeaway from the lunch is that accountability requires coordination, collaboration, and holistic approaches. Some participants focus their efforts on non-state actors such as cyber criminals, whereas others emphasized the state accountability. There was also discussion about accountability for software and hardware providers (such as security by design/default) and accountability for end-users, including by building capacities and viewing cyber security spending as an investment.
On May 4, the Stimson Center had an opportunity to scope its cyber accountability research project through a full-day workshop “Fostering Accountability in Cyberspace” held at the Embassy of Switzerland to the United States. Words of welcome were provided by Swiss Ambassador H.E. Pitteloud and Stimson President Brian Finlay. Workshop sessions concentrated on navigating diverse understandings and approaches to cyber accountability; the relationship between accountability and deterrence; and an examination of current approaches and initiatives.
While the workshop discussions tended to focus on state behavior in cyberspace and the role of the UN Framework, perspectives and contributions from industry representatives and researchers rounded out the discussion. Regional perspectives, including from Africa, Europe, Latin America and North America were prevalent throughout. Some participants reminded the group of the human rights dimension of international cyber security and accountability discussions. Small group dialogues enabled focused discussion and response to Stimson’s on-going research about lessons learned from non-cyber threats, that will inform the next phase of research.
An important output of the workshop will be the publication of five briefing papers commissioned by EU Cyber Direct that will explore various regional perspectives on accountability, the relationship to capacity building and to deterrence, and the role of data.
